Entries Tagged "FEMA"

Page 1 of 1

Leaked 9/11 Text Messages

Wikileaks has published pager intercepts from New York on 9/11:

WikiLeaks released half a million US national text pager intercepts. The intercepts cover a 24 hour period surrounding the September 11, 2001 attacks in New York and Washington.

[…]

Text pagers are usualy carried by persons operating in an official capacity. Messages in the archive range from Pentagon, FBI, FEMA and New York Police Department exchanges, to computers reporting faults at investment banks inside the World Trade Center.

Near as I can tell, these messages are from the commercial pager networks of Arch Wireless, Metrocall, Skytel, and Weblink Wireless, and include all customers of that service: government, corporate, and personal.

There are lots of nuggets in the data about the government response to 9/11:

One string of messages hints at how federal agencies scrambled to evacuate to Mount Weather, the government’s sort-of secret bunker buried under the Virginia mountains west of Washington, D.C. One message says, “Jim: DEPLOY TO MT. WEATHER NOW!,” and another says “CALL OFICE (sic) AS SOON AS POSSIBLE. 4145 URGENT.” That’s the phone number for the Federal Emergency Management Agency’s National Continuity Programs Directorate—which is charged with “the preservation of our constitutional form of government at all times,” even during a nuclear war. (A 2006 article in the U.K. Guardian newspaper mentioned a “a traffic jam of limos carrying Washington and government license plates” heading to Mount Weather that day.)

FEMA’s response seemed less than organized. One message at 12:37 p.m., four hours after the attacks, says: “We have no mission statements yet.” Bill Prusch, FEMA’s project officer for the National Emergency Management Information System at the time, apparently announced at 2 p.m. that the Continuity of Operations plan was activated and that certain employees should report to Mt. Weather; a few minutes later he sent out another note saying the activation was cancelled.

Historians will certainly spend a lot of time poring over the messages, but I’m more interested in where they came from in the first place:

It’s not clear how they were obtained in the first place. One possibility is that they were illegally compiled from the records of archived messages maintained by pager companies, and then eventually forwarded to WikiLeaks.

The second possibility is more likely: Over-the-air interception. Each digital pager is assigned a unique Channel Access Protocol code, or capcode, that tells it to pay attention to what immediately follows. In what amounts to a gentlemen’s agreement, no encryption is used, and properly-designed pagers politely ignore what’s not addressed to them.

But an electronic snoop lacking that same sense of etiquette might hook up a sufficiently sophisticated scanner to a Windows computer with lots of disk space—and record, without much effort, gobs and gobs of over-the-air conversations.

Existing products do precisely this. Australia’s WiPath Communications offers Interceptor 3.0 (there’s even a free download). Maryland-based SWS Security Products sells something called a “Beeper Buster” that it says let police “watch up to 2500 targets at the same time.” And if you’re frugal, there’s a video showing you how to take a $10 pager and modify it to capture everything on that network.

It’s disturbing to realize that someone, possibly not even a government, was routinely intercepting most (all?) of the pager data in lower Manhattan as far back as 2001. Who was doing it? For that purpose? That, we don’t know.

Posted on November 26, 2009 at 7:11 AMView Comments

First Responders

I live in Minneapolis, so the collapse of the Interstate 35W bridge over the Mississippi River earlier this month hit close to home, and was covered in both my local and national news.

Much of the initial coverage consisted of human interest stories, centered on the victims of the disaster and the incredible bravery shown by first responders: the policemen, firefighters, EMTs, divers, National Guard soldiers and even ordinary people, who all risked their lives to save others. (Just two weeks later, three rescue workers died in their almost-certainly futile attempt to save six miners in Utah.)

Perhaps the most amazing aspect of these stories is that there’s nothing particularly amazing about it. No matter what the disaster—hurricane, earthquake, terrorist attack—the nation’s first responders get to the scene soon after.

Which is why it’s such a crime when these people can’t communicate with each other.

Historically, police departments, fire departments and ambulance drivers have all had their own independent communications equipment, so when there’s a disaster that involves them all, they can’t communicate with each other. A 1996 government report said this about the first World Trade Center bombing in 1993: “Rescuing victims of the World Trade Center bombing, who were caught between floors, was hindered when police officers could not communicate with firefighters on the very next floor.”

And we all know that police and firefighters had the same problem on 9/11. You can read details in firefighter Dennis Smith’s book and 9/11 Commission testimony. The 9/11 Commission Report discusses this as well: Chapter 9 talks about the first responders’ communications problems, and commission recommendations for improving emergency-response communications are included in Chapter 12 (pp. 396-397).

In some cities, this communication gap is beginning to close. Homeland Security money has flowed into communities around the country. And while some wasted it on measures like cameras, armed robots and things having nothing to do with terrorism, others spent it on interoperable communications capabilities. Minnesota did that in 2004.

It worked. Hennepin County Sheriff Rich Stanek told the St. Paul Pioneer-Press that lives were saved by disaster planning that had been fine-tuned and improved with lessons learned from 9/11:

“We have a unified command system now where everyone—police, fire, the sheriff’s office, doctors, coroners, local and state and federal officials—operate under one voice,” said Stanek, who is in charge of water recovery efforts at the collapse site.

“We all operate now under the 800 (megahertz radio frequency system), which was the biggest criticism after 9/11,” Stanek said, “and to have 50 to 60 different agencies able to speak to each other was just fantastic.”

Others weren’t so lucky. Louisiana’s first responders had catastrophic communications problems in 2005, after Hurricane Katrina. According to National Defense Magazine:

Police could not talk to firefighters and emergency medical teams. Helicopter and boat rescuers had to wave signs and follow one another to survivors. Sometimes, police and other first responders were out of touch with comrades a few blocks away. National Guard relay runners scurried about with scribbled messages as they did during the Civil War.

A congressional report on preparedness and response to Katrina said much the same thing.

In 2004, the U.S. Conference of Mayors issued a report on communications interoperability. In 25 percent of the 192 cities surveyed, the police couldn’t communicate with the fire department. In 80 percent of cities, municipal authorities couldn’t communicate with the FBI, FEMA and other federal agencies.

The source of the problem is a basic economic one, called the collective action problem. A collective action is one that needs the coordinated effort of several entities in order to succeed. The problem arises when each individual entity’s needs diverge from the collective needs, and there is no mechanism to ensure that those individual needs are sacrificed in favor of the collective need.

Jerry Brito of George Mason University shows how this applies to first-responder communications. Each of the nation’s 50,000 or so emergency-response organizations—local police department, local fire department, etc.—buys its own communications equipment. As you’d expect, they buy equipment as closely suited to their needs as they can. Ensuring interoperability with other organizations’ equipment benefits the common good, but sacrificing their unique needs for that compatibility may not be in the best immediate interest of any of those organizations. There’s no central directive to ensure interoperability, so there ends up being none.

This is an area where the federal government can step in and do good. Too much of the money spent on terrorism defense has been overly specific: effective only if the terrorists attack a particular target or use a particular tactic. Money spent on emergency response is different: It’s effective regardless of what the terrorists plan, and it’s also effective in the wake of natural or infrastructure disasters.

No particular disaster, whether intentional or accidental, is common enough to justify spending a lot of money on preparedness for a specific emergency. But spending money on preparedness in general will pay off again and again.

This essay originally appeared on Wired.com.

EDITED TO ADD (7/13): More research.

Posted on August 23, 2007 at 3:23 AMView Comments

Katrina and Security

I had an op ed published in the Minneapolis Star-Tribune today.

Toward a Truly Safer Nation
Published September 11, 2005

Leaving aside the political posturing and the finger-pointing, how did our nation mishandle Katrina so badly? After spending tens of billions of dollars on homeland security (hundreds of billions, if you include the war in Iraq) in the four years after 9/11, what did we do wrong? Why were there so many failures at the local, state and federal levels?

These are reasonable questions. Katrina was a natural disaster and not a terrorist attack, but that only matters before the event. Large-scale terrorist attacks and natural disasters differ in cause, but they’re very similar in aftermath. And one can easily imagine a Katrina-like aftermath to a terrorist attack, especially one involving nuclear, biological or chemical weapons.

Improving our disaster response was discussed in the months after 9/11. We were going to give money to local governments to fund first responders. We established the Department of Homeland Security to streamline the chains of command and facilitate efficient and effective response.

The problem is that we all got caught up in “movie-plot threats,” specific attack scenarios that capture the imagination and then the dollars. Whether it’s terrorists with box cutters or bombs in their shoes, we fear what we can imagine. We’re searching backpacks in the subways of New York, because this year’s movie plot is based on a terrorist bombing in the London subways.

Funding security based on movie plots looks good on television, and gets people reelected. But there are millions of possible scenarios, and we’re going to guess wrong. The billions spent defending airlines are wasted if the terrorists bomb crowded shopping malls instead.

Our nation needs to spend its homeland security dollars on two things: intelligence-gathering and emergency response. These two things will help us regardless of what the terrorists are plotting, and the second helps both against terrorist attacks and national disasters.

Katrina demonstrated that we haven’t invested enough in emergency response. New Orleans police officers couldn’t talk with each other after power outages shut down their primary communications system—and there was no backup. The Department of Homeland Security, which was established in order to centralize federal response in a situation like this, couldn’t figure out who was in charge or what to do, and actively obstructed aid by others. FEMA did no better, and thousands died while turf battles were being fought.

Our government’s ineptitude in the aftermath of Katrina demonstrates how little we’re getting for all our security spending. It’s unconscionable that we’re wasting our money fingerprinting foreigners, profiling airline passengers, and invading foreign countries while emergency response at home goes underfunded.

Money spent on emergency response makes us safer, regardless of what the next disaster is, whether terrorist-made or natural.

This includes good communications on the ground, good coordination up the command chain, and resources—people and supplies—that can be quickly deployed wherever they’re needed.

Similarly, money spent on intelligence-gathering makes us safer, regardless of what the next disaster is. Against terrorism, that includes the NSA and the CIA. Against natural disasters, that includes the National Weather Service and the National Earthquake Information Center.

Katrina deftly illustrated homeland security’s biggest challenge: guessing correctly. The solution is to fund security that doesn’t rely on guessing. Defending against movie plots doesn’t make us appreciably safer. Emergency response does. It lessens the damage and suffering caused by disasters, whether man-made, like 9/11, or nature-made, like Katrina.

Posted on September 11, 2005 at 8:00 AMView Comments

Security Lessons of the Response to Hurricane Katrina

There are many, large and small, but I want to mention two that I haven’t seen discussed elsewhere.

1. The aftermath of this tragedy reflects on how poorly we’ve been spending our homeland security dollars. Again and again, I’ve said that we need to invest in 1) intelligence gathering, and 2) emergency response. These two things will help us regardless of what the terrorists are plotting, and the second helps in the event of a natural disaster. (In general, the only difference between a manmade disaster and a natural one is the cause. After a disaster occurs, it doesn’t matter.) The response by DHS and FEMA was abysmal, and demonstrated how little we’ve been getting for all our security spending. It’s unconscionable that we’re wasting our money on national ID cards, airline passenger profiling, and foreign invasions rather than emergency response at home: communications, training, transportation, coordination.

2. Redundancy, and to a lesser extent, inefficiency, are good for security. Efficiency is brittle. Redundancy results in less-brittle systems, and provides defense in depth. We need multiple organizations with overlapping capabilities, all helping in their own way: FEMA, DHS, the military, the Red Cross, etc. We need overcapacity, in water pumping capabilities, communications, emergency supplies, and so on. I wrote about this back in 2001, in opposition to the formation of the Department of Homeland Security. The government’s response to Katrina demonstrates this yet again.

Posted on September 6, 2005 at 12:15 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.